By Chinenye Anuforo
Schools and universities are recovering faster, paying lower ransoms, and cutting recovery costs significantly in the fight against ransomware, according to the State of Ransomware in Education 2025 report by global cybersecurity firm Sophos.
The study, based on responses from 441 IT and cybersecurity leaders worldwide, shows that 97 percent of institutions that experienced data encryption were able to recover their information. Ransom demands fell by 73 percent in the past year, with average payments dropping from millions of dollars to less than $1 million across both primary and higher education. Recovery costs outside of ransom payments also decreased, falling by 77 percent in higher education and 39 percent in lower education.
Despite this progress, the report warned of persistent risks. Two-thirds of respondents admitted to having gaps in their security defenses, a shortage of skilled staff, or outdated protection tools. Lower education institutions reported phishing as a common entry point, while higher education institutions remain prime targets for cybercriminals seeking access to sensitive research and large datasets. The rise of AI-driven scams, including convincing phishing emails and deepfakes, is also increasing the pressure on schools.
Beyond the financial impact, the report drew attention to the personal toll on IT staff. Nearly 40 percent of those surveyed said they suffered anxiety following attacks, while more than one in four took leave from work. Many reported feelings of guilt over being unable to prevent breaches.
“Ransomware attacks on schools are among the most disruptive and brazen crimes,” said Alexandra Rose, Director of CTU Threat Research at Sophos. “It’s encouraging to see schools getting better at responding and recovering, but the real opportunity is to stop attacks before they start. Prevention, backed by strong incident response planning and collaboration, is essential as adversaries adopt new tactics, including AI-driven threats.”
The report recommended that education institutions strengthen prevention measures, secure new funding opportunities, unify cybersecurity strategies across their systems, reduce the burden on IT staff by partnering with managed detection and response providers, and enhance incident response plans through simulations and readiness services.
The survey was conducted between January and March 2025 across 17 countries, covering both primary and higher education institutions with between 100 and 5,000 employees.
